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A system for transferW secure datg on a network comprising: 

a) a client capable of presenting conforming client data; 

b) a server capable of using said conforming client data to create at least one 
secure cookie, each of said at least one secure cookie including: 
i) a domain field capable of holding domain data to associate said secure 



ib\ 



cookie to a domain where said secure cookie is valid; 

ii) at least one name field capable of holding name data; 

iii) at least one value field\capable of holding value data derived from said 
conforming client data; and 

iv) an expiration field capable of holding cookie expiration data; 

c) a network capable of transporting at least one of said at least one secure cookie 
between said server and said client; 

d) a client storage means capable^ storing at least one of said at least one secure 
cookie; and 

e) a secure attribute service between said client and said server using said at least 
one of said at least one secure cookie. 



80. A system according to claim 79, wherein said client is a web browser. 

81 .A system according to claim 79, wherein aH^ast one of said at least one secure 
cookie is an authentication cookie. 
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82. A system according to claim 79, wherein said secure attribute service includes said 
server authenticating said client by comparing said conforming client data with said 
value data. 

83. A system according to clairr^81, wherein said authentication cookie is an IP cookie 
and said conforming client data includes the IP address of said client. 



84. A system according to claim 81 , wherein said authentication cookie is a password 
cookie and said conforming client data includes a password. 



85. A system according to claim 84, wherein said password is processed using a 
hashing algorithm. \ 

86. A system according to claim 84, wherein said password is processed using an 
encryption algorithm. \ 

87. A system according to claim 81 , wherein said authentication cookie is a sign cookie 
and said conforming client data includes a digital signature on a timestamp. 

88. A system according to claim 81, further including a secret-key based authentication 
service. \ 
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89. A system according to claim 88, and wherein said authentication cookie is a KT 

\ 

cookie and said conforming client data includes a Kerberos ticket created using a 
Kerberos protocol. 



90. A system according to claim 79, wherein at least one of said at least one secure 
cookie includes a multitude of secure cookies. 



91. A system according to claim 90, wherein at least one of said at least one secure 
cookie is a seal cookie capable of being used by said server to determine if another 
cookie in said multitude of secure cookies has been altered. 

92. A system according to claim 91, wfierein said seal cookie includes an integrity check 
value. 

93. A system according to claim 91 , wherein said seal cookie includes the signature of a 
message digest signed using a private\key. 

94. A system according to claim 79, wherein\at least one of said at least one name field 
and at least one of said at least one valueifield are a pair. 

95. A system according to claim 79, wherein at least one of said at least one secure 
cookie further includes a flag, said flag specifying whether all machines within said 
domain referenced by said domain data can access said value data. 
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96. A system according to claim 79, wherein at least one of said at least one secure 
cookie is a key cookie containing an encrypted session key, said session key 
capable of encrypting said value data contained in another of said at least one 
secure cookie. 



97. A system according to claim 79yvherein at least one of said at least one secure 
cookie is used in an electronic transaction. 



98. A system according to claim 79, wherein said system is part of a role based access 
control system and at least one of s$id at least one secure cookie is used in 
assigning client roles. 



99. A method for the transfer of secure data on a network including the steps of: 

a) a client making a request from a server; 

b) said server retrieving conforming clienfidata; 

c) said server creating at least one secure\cookie, each of said at least one secure 
cookie including selected conforming client data, said selected conforming data 
including at least some of said conforming\client data; 

d) said server transmitting at least one of said^t least one secure cookie to said 
client; 

e) said client storing at least one of said at least 6ne secure cookie; 
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f) said client presenting to a related server at least one of said stored at least one 
secure cookie with a second request, said related server residing on the same 
domain as said server; 

g) said related server making a determination of whether at least one of said at 
least one retrieved stored at least one secure cookie contains said selected 
conforming client data; and 

h) said related server fulfilling said second request if said determination is positive. 

100. A method of claim 99 wherein at least some of said conforming client data is 
retrieved from said client. \ 

101 . A method of claim 99, wherein said conforming client data includes a client's IP 
address. \ 

102. A method of claim 99, wherein said conforming client data includes a password. 

103. A method of claim 99, wherein said\conforming client data includes a Kerberos 
ticket. \ 

104. A method of claim 99, wherein said conforming client data includes a digital 
signature. \ 

105. A method of claim 104, wherein said determination further includes verifying that 
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said digital signature belongs to said client. 



106. A method of claim^9, further including the step of said server encrypting at least 
some of said selected informing client data. 

107. A method of claim 10^, wherein said encrypting uses a public key. 

108. A method of claim 10& wherein said encrypting uses a secret key. 

109. A method of claim 106, Lrther including the step of said server decrypting said 
encrypted selected conforming client data using a private key. 

110. A method of claim 104, further including the step of said server decrypting said 
encrypted selected conformingiclient data using a secret key. 



111. A method of claim 99, furthenincluding the step of said server hashing at least 
some of said conforming client data. 



112. A method of claim 99, wherein said conforming client data includes data derived 
from at least one item from the group\consisting of: 

a) the client's IP address; 

b) a password; 

c) a Kerberos ticket; 
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d) 



credit card data; 



e) 



social security number; 



f) 



g) 



a digital signature of the client; and 

\ 

a home address. 



\ 



113. A method of claim 99, wherein said determination is positive only if said selected 



conforming client data was retrieved by said server from said client during the 
current session. \ 

114. A method of claim 99, wherein said secure cookie contains a digital signature of 
said client on a time-stamp. \ 

115. A method of claim 99, further including the step of providing integrity to at least 
one of said at least one secure cookie comprising: 

a) said server creating integrity data flram at least one of said at least one secure 
cookie, said integrity data including at least one item selected from the group: 

i) encrypted said selected conforming\client data; 

ii) a digital signature; and \ 

iii) a message digest; \ 

b) said server inputting said integrity data into a seal cookie; and 

c) said server storing said seal cookie. \ 

116. A method of claim 99, wherein said request is part \f an electronic transaction. 
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